search

code-423n4 / 2021-11-nested-findings

1 stars 1 forks source link

`removeOperator()` Wrong implementation #158

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

WatchPug

Vulnerability details

https://github.com/code-423n4/2021-11-nested/blob/f646002b692ca5fa3631acfff87dda897541cf41/contracts/NestedFactory.sol#L79-L86

function removeOperator(bytes32 operator) external override onlyOwner {
    uint256 i = 0;
    while (operators[i] != operator) {
        i++;
    }
    require(i > 0, "NestedFactory::removeOperator: Cant remove non-existent operator");
    delete operators[i];
}

Unable to delete operator at index 0 because it will revet at L84.

Recommendation

Change to:

function removeOperator(bytes32 operator) external override onlyOwner {
    uint256 length = operators.length;
    for (uint256 i = 0; i < length; i++) {
        if (operators[i] == operator) {
            delete operators[i];
            return;
        }
    }
    revert("NestedFactory::removeOperator: Cant remove non-existent operator");
}
maximebrugel commented 2 years ago

Duplicated : #58

alcueca commented 2 years ago

Taking #220 instead